
kAFL doesn't handle kernel panic event #13

Open
mxmssh opened this issue May 25, 2018 · 10 comments

Comments

@mxmssh

mxmssh commented May 25, 2018

Hi guys,

Your project is super cool. I just found a 0day in the Windows kernel. But it looks like there is a bug. For some reason, kAFL doesn't see the kernel panic event and is unable to handle it properly. I see the same problem for the test drivers (both for Windows and Linux) provided with kAFL. I want to fix this problem. Have you ever seen such problems, or could you point me to where to start?

Thank you in advance!

@datadancer

Seems that you have done excellent experiments. But this project doesn't provide the agents for Windows and macOS; did you implement the agents yourself? Or can you share the agents with our guys?
Thank you in advance!

@mxmssh

mxmssh commented Jul 6, 2018

Hi, yes, I've modified the agents distributed with kAFL to be able to use them for my purposes. I am attaching all the code I have.
agents.zip

@chitoge

chitoge commented Jul 7, 2018

Hi @mxmssh, about the problem with hooking kernel panics, I believe that it is caused by the Meltdown KPTI patch. I've tried disabling KPTI on Linux and it worked for me, but I don't know how to disable KPTI on Windows, so I haven't tested it yet.

@mxmssh

mxmssh commented Jul 7, 2018

Hi @chitoge, I am using a very old unpatched Windows 7 (guest). Actually, this Meltdown patch created a lot of problems for me before :) kAFL doesn't obtain coverage if the patch is enabled. It took me several days to figure that out.

@chitoge

chitoge commented Jul 8, 2018 via email

@mxmssh

mxmssh commented Jul 8, 2018

Hm, that is great. I didn't manage to make the panic handler work on either Windows or Linux. Could you share more details about your environment:
Host system
Hardware (especially CPU)
Is the Meltdown KPTI patch switched off on your host system?

@chitoge

chitoge commented Jul 8, 2018

Yes, I ported KVM-PT patches to Linux 4.13 and Ubuntu 17.10 on the host, and used the QEMU version provided with kAFL. KPTI is enabled on the host. I’ve run kAFL successfully with panics handled correctly on Intel i7-7700HQ and i7-8700.

By the way, I’ve just remembered that there is a bug in the panic handler of the kAFL-Fuzzer component, which results in a Python exception when a panic is triggered. Unfortunately I didn’t keep my patched version to see what modifications I’d made, but the exception should be displayed below the kAFL interface.

@mxmssh

mxmssh commented Jul 9, 2018

OK, thank you.

Yes, I remember this small bug; I've fixed it.

@datadancer

@mxmssh Thanks for your excellent work!

@pyno

pyno commented Sep 25, 2018

Hey guys,

I had the same problem, and I tried to fix the bug.
My fix is here if someone needs it: #15
